def mutate(self, packets): broadcast = self.broadcast timer = self.timer result = [] #if fragmented or packets too short if utils.check_fragmentation(packets[0]) or len(packets)<2: return packets for i in range(0,len(packets)): forged = packets[i].copy() #del tcp payload forged.payload = utils.tcp_bad_payload(forged.payload, utils.NOPAYLOAD) #set fields forged.payload.seq += i*527600 forged.payload.flags = 'S' #broadcast address forged.dst = broadcast #set timer forged.timeout = timer #append packets result.append(packets[i]) result.append(forged) return result
def mutate(self, packets): result = [] numseg = self.numseg position = self.position #Not enough segments, Syn or Ack, return if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]): return packets #if numseg >= len(packets): # return packets forged = packets[numseg-1].copy() forged = utils.tcp_bad_payload(forged) forged.flags = 0 if position == "after": packets.insert(numseg, forged) elif position == "before": packets.insert(numseg-1, forged) else: packets.append(packets[numseg-1]) del(packets[numseg-1]) packets.insert(numseg-1, forged) return packets
def mutate(self, packets):
numseg = self.numseg
position = self.position
# Not enough segments, Syn or Ack, return
if (
utils.check_length(numseg, packets)
or utils.check_syn(packets[numseg - 1])
or utils.check_ack(packets[numseg - 1])
):
return packets
forged = packets[numseg - 1].copy()
forged = utils.tcp_bad_payload(forged)
# calculate and modify chksum
forged.chksum = scapy.checksum(forged) + 1
"""il frammento manipolato dovrebbe essere preso per buono da
snort -k notcp ma scartato da host vittima. """
# insert forged segment
if position == "after":
packets.insert(numseg, forged)
elif position == "before":
packets.insert(numseg - 1, forged)
# last position is for original packet, not the forged one!!!!
elif position == "last":
packets.append(packets[numseg - 1])
del (packets[numseg - 1])
packets.insert(numseg - 1, forged)
return packets
def mutate(self, packets): numseg = self.numseg thl = self.thl position = self.position #Not enough segments, Syn or Ack, return if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]): return packets forged = packets[numseg-1].copy() forged = utils.tcp_bad_payload(forged) #modify data offset in tcp field forged.dataofs = thl #insert forged segment if position == "after": packets.insert(numseg, forged) elif position == "before": packets.insert(numseg-1, forged) elif position == "last": packets.append(packets[numseg-1]) del(packets[numseg-1]) packets.insert(numseg-1, forged) return packets
def mutate(self, packets): BADMAC = self.BADMAC timer = self.timer numframe = self.numframe #if packet is fragmented,SYN or ACK do nothing if utils.check_length(numframe, packets) or utils.check_syn(packets[numframe-1].payload.payload) or utils.check_ack(packets[numframe-1].payload.payload) or utils.check_fragmentation(packets[numframe-1].payload): return packets #create fake RST forged = packets[numframe-1].copy() forged.payload.payload = utils.tcp_bad_payload(forged.payload.payload, utils.NOPAYLOAD) forged.dst=BADMAC #set reset flag forged.payload.payload.flags = 'R' #insert fake RST packets.insert(numframe-1, forged) #append original packets.append(packets[numframe]) del(packets[numframe]) #create fake SYN forged_syn = packets[numframe-1].copy() forged_syn.dst=BADMAC forged_syn.timeout = timer forged_syn.payload.payload.flags = 'S' forged_syn.payload.payload.seq += 103245 forged_syn.payload.payload.ack = 0 #insert fake SYN packets.insert(numframe, forged_syn) #create fake SYN/ACK forged_synack = packets[numframe-1].copy() forged_synack.dst=BADMAC forged_synack.payload.payload.sport = packets[numframe].payload.payload.dport forged_synack.payload.payload.dport = packets[numframe].payload.payload.sport forged_synack.payload.payload.flags = 'SA' forged_synack.payload.payload.seq += 207654 forged_synack.payload.payload.ack = packets[numframe].payload.payload.seq + 1 forged_synack.payload.dst = packets[numframe].payload.src forged_synack.payload.src = packets[numframe].payload.dst #insert fake SYN/ACK packets.insert(numframe+1, forged_synack) #create fake ACK forged_ack = packets[numframe-1].copy() forged_ack.dst=BADMAC forged_ack.payload.payload.flags = 'A' forged_ack.payload.payload.seq = packets[numframe+1].payload.payload.ack forged_ack.payload.payload.ack = packets[numframe+1].payload.payload.seq + 1 #insert fake SYN/ACK packets.insert(numframe+2, forged_ack) #delete reset del(packets[numframe-1]) return packets
def mutate(self, packets): result = [] numseg = self.numseg timer = self.timer #Not enough segments, Syn or Ack, return if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]): return packets forged = packets[numseg-1].copy() forged = utils.tcp_bad_payload(forged, utils.NOPAYLOAD) forged.flags = 'R' #calculate and modify chksum forged.chksum = scapy.checksum(forged)+1 packets.insert(numseg-1, forged) packets[numseg].timeout = timer return packets
def mutate(self, packets): numseg = self.numseg timer = self.timer offset = self.offset #Not enough segments, Syn or Ack, return if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]): return packets forged = packets[numseg-1].copy() forged = utils.tcp_bad_payload(forged, utils.NOPAYLOAD) forged.flags = 'R' #seq. number forged.seq += offset packets.insert(numseg-1, forged) packets[numseg].timeout = timer return packets
def mutate(self, packets):
numseg = self.numseg
position = self.position
option = self.opt
#Not enough segments, Syn or Ack, return
if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]):
return packets
if option == "mss":
forged=scapy.TCP(options=[("MSS",144)])/packets[numseg-1].load
elif option == "timestamp":
forged=scapy.TCP(options=[("Timestamp",(0,-1))])/packets[numseg-1].load
elif option == "wscale":
forged=scapy.TCP(options=[("WScale", 10)])/packets[numseg-1].load
elif option == "sackok":
forged=scapy.TCP(options=[("SAckOK", 1)])/packets[numseg-1].load
forged.sport = packets[numseg-1].sport
forged.dport = packets[numseg-1].dport
forged.seq = packets[numseg-1].seq
forged.ack = packets[numseg-1].ack
forged.dataofs = packets[numseg-1].dataofs
forged.reserverd = packets[numseg-1].reserved
forged.flags = packets[numseg-1].flags
if option =="timestamp":
#disable ACK flag
forged.flags = 0
forged.window = packets[numseg-1].window
forged.urgptr = packets[numseg-1].urgptr
'''nell elenco in __init__.py, mettere TCPBadOption prima di TCPFakeReset
per non rischiare che operatore precedente abbia cancellato il payload'''
forged = utils.tcp_bad_payload(forged)
if position == "after":
packets.insert(numseg, forged)
elif position == "before":
packets.insert(numseg-1, forged)
else:
packets.append(packets[numseg-1])
del(packets[numseg-1])
packets.insert(numseg-1, forged)
return packets
def mutate(self, packets): numseg = self.numseg position = self.position #Not enough segments, Syn or Ack, return if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]): return packets forged = packets[numseg-1].copy() forged = utils.tcp_bad_payload(forged) if position == "after": #forged after original packets.insert(numseg, forged) else: #forged one before original packets.insert(numseg-1, forged) return packets
def mutate(self, packets): numseg = self.numseg position = self.position flags_ = self.flags #do nothing if utils.check_length(numseg, packets) or utils.check_syn(packets[numseg-1]) or utils.check_ack(packets[numseg-1]): return packets forged = packets[numseg-1].copy() forged = utils.tcp_bad_payload(forged) forged.flags = flags_ if position == "after": packets.insert(numseg, forged) elif position == "before": packets.insert(numseg-1, forged) else: packets.append(packets[numseg-1]) del(packets[numseg-1]) packets.insert(numseg-1, forged) return packets
